Sunday, November 27, 2011

QR Code Security Flaw in Starbucks Gift Cards

An Ottawa man says the problem with Starbucks gift cards is that when you buy one, anybody can have access to the money on it.

"Obviously Starbucks wants you to put money on them (the cards) but there's nothing stopping anyone from going in there and looking at the card and taking the numbers off," said Chris Ewing.

Ewing says all it takes is someone walking into the coffee shop, copying the 16-digit number on the back of the card, downloading the Starbucks mobile application and generating a barcode to use the money eventually loaded on the card. "I'm not the most experienced person when it comes to this which means there are a lot more people out there much more experienced."

Ewing says he has been trying to warn Starbucks about the flaw for weeks now. When CTV's Joanne Schnurr and Ewing went out to see if it had been fixed, they discovered it had not. Ewing was able to use money off a $10 gift card CTV purchased leaving $5.25. Starbucks has not returned the investigation team's calls.

Ewing says the solution is simple: put the cards behind the counter where customers or potential scammers can't reach them.